WebApp Sec mailing list archives

Data sanitization approaches in Java

From: "Benjamin Livshits" <livshits () cs stanford edu>
Date: Fri, 14 Jan 2005 13:20:56 -0800

I was wondering about data sanitization strategies commonly used in
today's Web applications, especially those written using J2EE. I am
aware of libraries that would simplify the sanitization process for you,
however, I haven't really seen many applications that use anything more
sophisticated than URL-encoding the user-supplied string data.

Are there some common sanitization strategies that people actually use
in their code on a regular basis? 

Thanks in advance,
-Ben

Current thread:

RE: Proposal to anti-phishing, (continued)
- - RE: Proposal to anti-phishing WebAppSecurity [Technicalinfo.net] (Jan 15)
  - Re: Proposal to anti-phishing Rogan Dawes (Jan 15)
- Re: Proposal to anti-phishing Rogan Dawes (Jan 15)
  - RE: Proposal to anti-phishing Lyal Collins (Jan 16)
    - Re: Proposal to anti-phishing Moksha Faced (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 19)
  - Re: Proposal to anti-phishing Rob Skedgell (Jan 19)
    - Re: Proposal to anti-phishing Cory Foy (Jan 23)
- Data sanitization approaches in Java Benjamin Livshits (Jan 15)
  - Re: Data sanitization approaches in Java Jeff Williams (Jan 16)
    - Re: Data sanitization approaches in Java Stephen de Vries (Jan 19)
- Re: Proposal to anti-phishing Florian Weimer (Jan 16)
  - Re: Proposal to anti-phishing Rogan Dawes (Jan 19)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 23)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)
    - Re: Proposal to anti-phishing Rogan Dawes (Jan 24)
    - Re: Proposal to anti-phishing Griffiths, Ian (Jan 24)
    - RE: Proposal to anti-phishing Lyal Collins (Jan 24)

(Thread continues...)